Falcon/PrivateBox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

添加hash验证

Browse Source
This commit is contained in:
Falcon 2025-11-03 11:55:22 +08:00
parent 8e3d97365f
commit 0963b55fe9
2 changed files with 48 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
PrivateBox/DataContext/CrytionItem.cs
View File

@ -16,7 +16,7 @@ namespace PrivateBox.DataContext
/// <summary> /// <summary>
/// 加密项值 /// 加密项值
/// </summary> /// </summary>
[SqlSugar.SugarColumn(ColumnDataType ="text")] [SqlSugar.SugarColumn(ColumnDataType = "text")]
public string? ItemValue { get; set; } public string? ItemValue { get; set; }
} }
} }

51
PrivateBox/EncryptionService.cs
View File

@ -1,4 +1,5 @@
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text;
/// <summary> /// <summary>
/// 加密解密服务接口 /// 加密解密服务接口
@ -76,9 +77,8 @@ public class AesEncryptionService:IEncryptionService
byte[] result = new byte[encryptedData.Length + SaltSize]; byte[] result = new byte[encryptedData.Length + SaltSize];
Array.Copy(encryptedData,0,result,0,encryptedData.Length); Array.Copy(encryptedData,0,result,0,encryptedData.Length);
Array.Copy(salt,0,result,encryptedData.Length,SaltSize); Array.Copy(salt,0,result,encryptedData.Length,SaltSize);
var (base64, hash) = GetHash(result);
// 转换为Base64返回 return $"{base64}${hash}";
return Convert.ToBase64String(result);
} }
public string Decrypt(string cipherText,string key) { public string Decrypt(string cipherText,string key) {
@ -88,6 +88,20 @@ public class AesEncryptionService:IEncryptionService
if(string.IsNullOrEmpty(key)) if(string.IsNullOrEmpty(key))
throw new ArgumentException("密钥不能为空",nameof(key)); throw new ArgumentException("密钥不能为空",nameof(key));
var result = new StringBuilder();
if(!cipherText.Contains("$")) {
result.AppendLine("加密值不包含验证");
}
if(cipherText.Contains("$")) {
var sp = cipherText.Split("$");
cipherText = sp[0];
if(sp.Length < 2 || string.IsNullOrEmpty(sp[1])) {
result.AppendLine("存在验证,但是验证码错误!");
}
if(!ValidateBase64(sp[0],sp[1])) {
result.AppendLine("加密验证失败!信息可能被篡改!");
}
}
// 1. 转换Base64为字节数组 // 1. 转换Base64为字节数组
byte[] fullData; byte[] fullData;
try { try {
@ -130,9 +144,10 @@ public class AesEncryptionService:IEncryptionService
using(MemoryStream msDecrypt = new MemoryStream(encryptedData,16,encryptedData.Length - 16)) using(MemoryStream msDecrypt = new MemoryStream(encryptedData,16,encryptedData.Length - 16))
using(CryptoStream csDecrypt = new CryptoStream(msDecrypt,decryptor,CryptoStreamMode.Read)) using(CryptoStream csDecrypt = new CryptoStream(msDecrypt,decryptor,CryptoStreamMode.Read))
using(StreamReader srDecrypt = new StreamReader(csDecrypt)) { using(StreamReader srDecrypt = new StreamReader(csDecrypt)) {
return srDecrypt.ReadToEnd(); result.AppendLine(srDecrypt.ReadToEnd());
} }
} }
return result.ToString();
} }
/// <summary> /// <summary>
@ -147,4 +162,32 @@ public class AesEncryptionService:IEncryptionService
return deriveBytes.GetBytes(KeySize); return deriveBytes.GetBytes(KeySize);
} }
} }
/// <summary>
/// 用于hash验证的key不可以修改修改会导致验证失败
/// </summary>
private readonly string hashKey = "694699FF-7157-4DF2-ACD9-E60CCFCC6007";
private (string base64, string hash) GetHash(byte[] bytes) {
var hk = Encoding.UTF8.GetBytes(hashKey);
using var sha256 = new HMACSHA256(hk);
byte[] hmacBytes = sha256.ComputeHash(bytes);
string hmacStr = BitConverter.ToString(hmacBytes).Replace("-","").ToLower();
string base64 = Convert.ToBase64String(bytes);
return (base64, hmacStr);
}
private bool ValidateBase64(string base64String,string hash) {
try {
byte[] decodedData = Convert.FromBase64String(base64String);
var hk = Encoding.UTF8.GetBytes(hashKey);
using var sha256 = new HMACSHA256(hk);
byte[] actualHashBytes = sha256.ComputeHash(decodedData);
string actualHash = BitConverter.ToString(actualHashBytes).Replace("-","").ToLower();
return actualHash == hash;
}
catch(FormatException) {
return false;
}
}
} }